github.com/dghubble/oauth1 (module, package)
Version: 0.7.3
Repository: https://github.com/dghubble/oauth1.git
Documentation: pkg.go.dev

# README

OAuth1


Package oauth1 provides a Go implementation of the OAuth 1 spec to allow end-users to authorize a client (i.e. consumer) to access protected resources on his/her behalf.

oauth1 takes design cues from golang.org/x/oauth2, to provide an analogous API and an http.Client with a Transport which signs/authorizes requests.

Install

go get github.com/dghubble/oauth1

Docs

Read GoDoc

Usage

Package oauth1 implements the OAuth1 authorization flow and provides an http.Client which can sign and authorize OAuth1 requests.

To implement "Login with X", use the gologin packages which provide login handlers for OAuth1 and OAuth2 providers.

To call the Twitter, Digits, or Tumblr OAuth1 APIs, use the higher level Go API clients.

Authorization Flow

Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token.

import (
    "github.com/dghubble/oauth1"
    "github.com/dghubble/oauth1/twitter"
)
...

config := oauth1.Config{
    ConsumerKey:    "consumerKey",
    ConsumerSecret: "consumerSecret",
    CallbackURL:    "http://mysite.com/oauth/twitter/callback",
    Endpoint:       twitter.AuthorizeEndpoint,
}

  1. When a user performs an action (e.g. "Login with X" button calls "/login" route), get an OAuth1 request token (temporary credentials).

    requestToken, requestSecret, err := config.RequestToken()
    // handle err
    
  2. Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access.

    authorizationURL, err := config.AuthorizationURL(requestToken)
    // handle err
    http.Redirect(w, req, authorizationURL.String(), http.StatusFound)
    

    Receive the callback from the OAuth1 provider in a handler.

    requestToken, verifier, err := oauth1.ParseAuthorizationCallback(req)
    // handle err
    
  3. Acquire the access token (token credentials) which can later be used to make requests on behalf of the user.

    accessToken, accessSecret, err := config.AccessToken(requestToken, requestSecret, verifier)
    // handle error
    token := oauth1.NewToken(accessToken, accessSecret)
    

Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login.
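Step 3 needs the requestSecret obtained in step 1, and the callback should be accepted only from the browser session that started the flow. The following is an added example (not part of oauth1 or its README) of a server-side store for that; PendingStore, its methods and the session ID are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type pending struct { // one in-flight authorization
	sessionID, secret string
	expires           time.Time
}

// PendingStore is a hypothetical helper (not part of oauth1) that keeps
// request secrets server-side between the /login and callback handlers.
type PendingStore struct {
	mu  sync.Mutex
	ttl time.Duration
	m   map[string]pending // keyed by request token
}

func NewPendingStore(ttl time.Duration) *PendingStore {
	return &PendingStore{ttl: ttl, m: map[string]pending{}}
}

// Put records the pair returned by config.RequestToken() for a session.
func (s *PendingStore) Put(sessionID, requestToken, requestSecret string, now time.Time) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.m[requestToken] = pending{sessionID, requestSecret, now.Add(s.ttl)}
}

// Take is single-use: the entry is removed on every lookup, hit or miss.
func (s *PendingStore) Take(sessionID, requestToken string, now time.Time) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.m[requestToken]
	delete(s.m, requestToken)
	if !ok || now.After(p.expires) || p.sessionID != sessionID {
		return "", false
	}
	return p.secret, true
}

func main() {
	s, now := NewPendingStore(10*time.Minute), time.Now()
	s.Put("session-1", "request-token", "request-secret", now) // constructed values
	fmt.Println(s.Take("session-1", "request-token", now))
}
```

In the callback handler, the token returned by ParseAuthorizationCallback is passed to Take, and the flow continues to AccessToken only when it returns true.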

Authorized Requests

Use an access Token to make authorized requests on behalf of a user.

package main

import (
    "fmt"
    "io"
    "log"

    "github.com/dghubble/oauth1"
)

func main() {
    config := oauth1.NewConfig("consumerKey", "consumerSecret")
    token := oauth1.NewToken("token", "tokenSecret")

    // httpClient will automatically authorize http.Requests
    httpClient := config.Client(oauth1.NoContext, token)

    // example Twitter API request
    path := "https://api.twitter.com/1.1/statuses/home_timeline.json?count=2"
    resp, err := httpClient.Get(path)
    if err != nil {
        // resp is nil on error, so stop before touching resp.Body
        log.Fatal(err)
    }
    defer resp.Body.Close()
    body, err := io.ReadAll(resp.Body)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Printf("Raw Response Body:\n%v\n", string(body))
}

Check the examples to see Twitter and Tumblr requests in action.
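What signing a request with HMAC-SHA1 involves, following RFC 5849 (the scheme the HMACSigner and PercentEncode entries further down describe). This is an added standard-library example, not the package's source; percentEncode, baseString and sign are hypothetical names, the sample values are constructed, and parameters are held in a map, so repeated parameter names are not handled.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// RFC 3986 unreserved set; every other byte becomes %XX (a space is %20, never "+").
const unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"

func percentEncode(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if strings.IndexByte(unreserved, s[i]) >= 0 {
			b.WriteByte(s[i])
		} else {
			fmt.Fprintf(&b, "%%%02X", s[i])
		}
	}
	return b.String()
}

// baseString follows RFC 5849 3.4.1; params are unencoded, without oauth_signature.
func baseString(method, baseURL string, params map[string]string) string {
	enc, names := map[string]string{}, []string{}
	for k, v := range params {
		names = append(names, percentEncode(k))
		enc[percentEncode(k)] = percentEncode(v)
	}
	sort.Strings(names) // by encoded name; sorting "name=value" would put a1 before a
	for i, n := range names {
		names[i] = n + "=" + enc[n]
	}
	return strings.ToUpper(method) + "&" + percentEncode(baseURL) + "&" + percentEncode(strings.Join(names, "&"))
}

// sign keys HMAC-SHA1 with the encoded consumer and token secrets joined by "&".
func sign(base, consumerSecret, tokenSecret string) string {
	mac := hmac.New(sha1.New, []byte(percentEncode(consumerSecret)+"&"+percentEncode(tokenSecret)))
	mac.Write([]byte(base))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

func main() {
	fmt.Println(sign(baseString("GET", "https://api.example.com/1/me", nil), "consumer-secret", "token-secret"))
}
```

Parameter values are encoded twice in the base string (once as a value, once with the joined parameter string), which is why a space in a value appears as `%2520`.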

Concepts

An Endpoint groups an OAuth provider's token and authorization URL endpoints. Endpoints for common providers are provided in subpackages.

A Config stores a consumer application's consumer key and secret, the registered callback URL, and the Endpoint to which the consumer is registered. It provides OAuth1 authorization flow methods.

An OAuth1 Token is an access token which can be used to make signed requests on behalf of a user. See Authorized Requests for details.

If you've used the golang.org/x/oauth2 package for OAuth2 before, this organization should be familiar.

Contributing

See the Contributing Guide.

License

MIT License

# Packages

Package discogs provides constants for using OAuth1 to access Discogs.
Package dropbox provides constants for using OAuth1 to access Dropbox.
Package tumblr provides constants for using OAuth 1 to access Tumblr.
Package twitter provides constants for using OAuth1 to access Twitter.
Package xing provides constants for using OAuth1 to access Xing.

# Functions

NewClient returns a new http Client which signs requests via OAuth1.
NewConfig returns a new Config with the given consumer key and secret.
NewToken returns a new Token with the given token and token secret.
ParseAuthorizationCallback parses an OAuth1 authorization callback request from a provider server.
PercentEncode percent encodes a string according to RFC 3986 2.1.
StaticTokenSource returns a TokenSource which always returns the same Token.

# Variables

HTTPClient is the context key to associate an *http.Client value with a context.
NoContext is the default context to use in most cases.

# Structs

Base64Noncer reads 32 bytes from crypto/rand and returns those bytes as a base64 encoded string.
Config represents an OAuth1 consumer's (client's) key and secret, the callback URL, and the provider Endpoint to which the consumer corresponds.
Endpoint represents an OAuth1 provider's (server's) request token, owner authorization, and access token request URLs.
HexNoncer reads 32 bytes from crypto/rand and returns those bytes as a base64 encoded string.
HMAC256Signer signs messages with an HMAC SHA256 digest, using the concatenated consumer secret and token secret as the key.
HMACSigner signs messages with an HMAC SHA1 digest, using the concatenated consumer secret and token secret as the key.
RSASigner RSA PKCS1-v1_5 signs SHA1 digests of messages using the given RSA private key.
Token is an AccessToken (token credential) which allows a consumer (client) to access resources from an OAuth1 provider server.
Transport is an http.RoundTripper which makes OAuth1 HTTP requests.

# Interfaces

Noncer provides random nonce strings.
A Signer signs messages to create signed OAuth1 Requests.
A TokenSource can return a Token.